Package details: pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
purl pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3
Next non-vulnerable version 7.1.1-2+deb12u1
Latest non-vulnerable version 7.1.1-2+deb12u1
Risk 4.1
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-9494-9tdz-jkeb
Aliases:
CVE-2022-45060
VSV00011
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
6.5.1-1+deb11u3
Affected by 4 other vulnerabilities.
VCID-c4pk-mc4n-wyh9
Aliases:
CVE-2025-30346
VSV00015
varnish: Client-Side Desynchronization in Varnish Cache
7.1.1-1.1+deb12u1
Affected by 2 other vulnerabilities.
VCID-dkhk-j3eu-53he
Aliases:
CVE-2022-23959
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
6.5.1-1+deb11u3
Affected by 4 other vulnerabilities.
VCID-kz93-hnzv-dyfe
Aliases:
CVE-2021-36740
URL request injection
6.5.1-1+deb11u3
Affected by 4 other vulnerabilities.
VCID-pb7u-beyt-fbet
Aliases:
CVE-2025-47905
content spoofing
7.1.1-1.1+deb12u1
Affected by 2 other vulnerabilities.
VCID-qswj-nhpw-3qgr
Aliases:
CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
6.5.1-1+deb11u3
Affected by 4 other vulnerabilities.
VCID-xdnk-3eyc-quas
Aliases:
CVE-2019-15892
varnish: denial of service handling certain crafted HTTP/1 requests
6.5.1-1+deb11u3
Affected by 4 other vulnerabilities.
VCID-zb85-shgd-9qcq
Aliases:
CVE-2019-20637
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.
6.5.1-1+deb11u3
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-dkhk-j3eu-53he In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. CVE-2022-23959
VCID-e5uu-kd2t-wugu denial of service CVE-2017-12425
VCID-kz93-hnzv-dyfe URL request injection CVE-2021-36740
VCID-pmv8-cheb-vfbu information disclosure CVE-2017-8807
VCID-xdnk-3eyc-quas varnish: denial of service handling certain crafted HTTP/1 requests CVE-2019-15892

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-05T15:54:35.963965+00:00 Debian Oval Importer Fixing VCID-e5uu-kd2t-wugu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T15:08:20.346040+00:00 Debian Oval Importer Affected by VCID-pb7u-beyt-fbet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T15:06:49.465538+00:00 Debian Oval Importer Affected by VCID-xdnk-3eyc-quas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T12:34:41.263446+00:00 Debian Oval Importer Affected by VCID-zb85-shgd-9qcq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T09:57:08.208390+00:00 Debian Oval Importer Affected by VCID-kz93-hnzv-dyfe https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T09:46:03.555849+00:00 Debian Oval Importer Affected by VCID-dkhk-j3eu-53he https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T09:35:41.534648+00:00 Debian Oval Importer Affected by VCID-9494-9tdz-jkeb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T06:45:34.778331+00:00 Debian Oval Importer Affected by VCID-c4pk-mc4n-wyh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-05T06:14:10.685459+00:00 Debian Oval Importer Fixing VCID-pmv8-cheb-vfbu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-04T06:26:59.071720+00:00 Debian Oval Importer Affected by VCID-qswj-nhpw-3qgr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-07-04T01:25:17.592021+00:00 Debian Oval Importer Fixing VCID-dkhk-j3eu-53he https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-07-04T00:59:30.963881+00:00 Debian Oval Importer Fixing VCID-kz93-hnzv-dyfe https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-07-04T00:32:49.243371+00:00 Debian Oval Importer Fixing VCID-xdnk-3eyc-quas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-07-02T04:32:15.640867+00:00 Debian Oval Importer Fixing VCID-e5uu-kd2t-wugu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T03:58:58.449965+00:00 Debian Oval Importer Affected by VCID-pb7u-beyt-fbet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T03:57:46.393120+00:00 Debian Oval Importer Affected by VCID-xdnk-3eyc-quas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T03:02:32.836300+00:00 Debian Oval Importer Affected by VCID-zb85-shgd-9qcq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T01:40:32.934319+00:00 Debian Oval Importer Affected by VCID-kz93-hnzv-dyfe https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T01:35:32.006206+00:00 Debian Oval Importer Affected by VCID-dkhk-j3eu-53he https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T01:30:23.902746+00:00 Debian Oval Importer Affected by VCID-9494-9tdz-jkeb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T00:26:24.737942+00:00 Debian Oval Importer Affected by VCID-c4pk-mc4n-wyh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-02T00:14:19.045515+00:00 Debian Oval Importer Fixing VCID-pmv8-cheb-vfbu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T22:04:33.216021+00:00 Debian Oval Importer Affected by VCID-qswj-nhpw-3qgr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-07-01T20:54:45.381140+00:00 Debian Oval Importer Fixing VCID-dkhk-j3eu-53he https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-07-01T20:42:21.232839+00:00 Debian Oval Importer Fixing VCID-kz93-hnzv-dyfe https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-07-01T20:32:04.398799+00:00 Debian Oval Importer Fixing VCID-xdnk-3eyc-quas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3